---

gitea_fqdn: git.metaunix.net
gitea_http_port: 3000
gitea_data_dir: /var/lib/gitea

# use the default SSH server for git operations, not Gitea's built-in one
gitea_ssh_port: 22
gitea_user: git
gitea_start_ssh: False

gitea_disable_registration: True
gitea_show_registration_button: False
gitea_require_signin: False

gitea_enable_push_create_org: True
gitea_enable_push_create_user: True

# Apache reverse proxy config
apache_mods_enabled_gitea:
  - proxy
  - proxy_http
  - rewrite
  - headers
apache_vhosts_gitea:
  - servername: git.metaunix.net
    documentroot: /var/www/html
    extra_parameters: |
      ProxyPreserveHost On
      ProxyPass / http://127.0.0.1:3000/
      ProxyPassReverse / http://127.0.0.1:3000/

# Nginx reverse proxy config
nginx_worker_processes: "{{ ansible_processor_vcpus|default(ansible_processor_count) }}"
nginx_worker_connections: '1024'
nginx_multi_accept: 'off'
nginx_remove_default_vhost: True
nginx_vhosts:
  - listen: '80 default_server'
    server_name: 'gitea.int.metaunix.net git.metaunix.net'
    extra_parameters: |
      # Proxy settings for Gitea
      location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 30;
      }

      # Optional: serve /assets directly if needed
      location /assets/ {
        proxy_pass http://127.0.0.1:3000/assets/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 30;
      }